4

What is the difference between Meterpreter shell and system shell?

For example, if I found some vulnerability in a system which allowed both shells, then what should I go for, system shell or Meterpreter shell?

What kind of stuff can I do with meterpreter shell but not with system shell and vice-versa?

schroeder
Utkarsh Agrawal

3 Answers

3

In the context of your question, a system shell is something like cmd.exe, powershell.exe, bash, ash, or sh running on the target machine, which you have access to via some network connection.

A meterpreter shell, on the other hand, is an application that wraps a system shell to make certain tasks easier, such as transferring files, migrating between processes, dumping memory, etc. You can access the system shell from meterpreter by typing 'shell'.

Learn more about meterpreter here: https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/

DotNetRussell
1

A system shell is a single payload that will open a network port, usually exposing a command line. Dead simple.

A meterpreter, on the other hand, is a two-stage payload that will first establish a communication channel from a single payload on the victim machine to the perpetrator, which will install a .dll with lots of different and usable functions. You don't just get a command line, you can have many other powerful tools as well through this channel, which is usually encrypted by default, compared to the system shell channel.

Chris Tsiakoulas
  • This isn't totally correct. It's just a portion of what meterpreter shells are. Not every meterpreter shell installs dlls. I can have a meterpreter session on a Linux box but Linux doesn't run dlls. Meterpreter shells are wrappers around cli applications. They CAN be loaded in stages but don't have to be. – DotNetRussell Jun 30 '18 at 14:13
0

From the Offensive Security Metasploit Unleashed website:

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.

More details from the original specification:

Abstract: Meterpreter, short for The Meta-Interpreter, is an advanced payload that is included in the Metasploit Framework. Its purpose is to provide complex and advanced features that would otherwise be tedious to implement purely in assembly. The way that it accomplishes this is by allowing developers to write their own extensions in the form of shared object (DLL) files that can be uploaded and injected into a running process on a target computer after exploitation has occurred. Meterpreter and all of the extensions that it loads are executed entirely from memory and never touch the disk, thus allowing them to execute under the radar of standard Anti-Virus detection.

And:

At a high level, meterpreter looks similar to a typical command interpreter. It has a command line and a set of commands that can be run. The most visible difference is that the meterpreter client can control the set of commands by injecting new extensions on the fly. Since the extensions can potentially be applicable across architectures and platforms, the meterpreter client can use the same client interface (and command set) to control the extensions regardless.

So, you can think of it as an extensible command shell that provides the same interface across platforms. It injects itself into an existing process on the target and usually doesn't spin off new processes. Some of the built-in commands allow for uploading/downloading files, and setting up port forwarding through the target. Meterpreter also supports encrypted communication. You can read more at the previous links.

A "system shell" has much less in terms of features, except what you already get through shell commands. A user could notice your shell or its child processes running on the target. There may not be encryption unless you have set it up yourself. Uploading/downloading files may be limited to copy and paste.

multithr3at3d
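
The last answer's point that a system shell and its child processes are visible on the target is what process-creation telemetry picks up. The following is an added example, not part of any answer above: the event tuples are constructed sample data, the `SERVICES` list is an assumption, and PID reuse is ignored. A payload that runs inside an existing process without starting new ones produces no such record, so this check covers only the system-shell case.

```python
import ntpath

# Interpreters named in the first answer as typical "system shells".
SHELLS = {"cmd.exe", "powershell.exe", "bash", "ash", "sh"}
# Assumption: services that should not normally launch an interactive shell.
SERVICES = {"w3wp.exe", "nginx", "httpd", "sqlservr.exe", "tomcat9.exe"}

# Constructed sample: (pid, ppid, image path) process-creation records,
# listed in the order they were logged.
EVENTS = [
    (400, 1, "/usr/sbin/nginx"),
    (812, 400, "/bin/sh"),            # shell spawned by the web server
    (813, 812, "/usr/bin/id"),        # command run inside that shell
    (814, 812, "/usr/bin/curl"),
    (900, 1, "/usr/sbin/sshd"),
    (901, 900, "/bin/bash"),          # admin login, parent is not in SERVICES
    (902, 901, "/usr/bin/ls"),
    (1500, 4, r"C:\Windows\System32\inetsrv\w3wp.exe"),
    (1620, 1500, r"C:\Windows\System32\cmd.exe"),
    (1633, 1620, r"C:\Windows\System32\whoami.exe"),
]

def base(image):
    """File name of a Windows or POSIX image path, lower-cased."""
    return ntpath.basename(image).lower()

def flag_shell_activity(events):
    """Return {pid: reason} for service-spawned shells and their descendants."""
    names = {}      # pid -> base image name
    flagged = {}    # pid -> explanation
    for pid, ppid, image in events:
        names[pid] = base(image)
        parent = names.get(ppid)
        if names[pid] in SHELLS and parent in SERVICES:
            flagged[pid] = f"{names[pid]} spawned by service {parent}"
        elif ppid in flagged:
            # Anything started under a flagged shell inherits the flag.
            flagged[pid] = f"{names[pid]} descends from flagged pid {ppid}"
    return flagged

if __name__ == "__main__":
    for pid, reason in flag_shell_activity(EVENTS).items():
        print(pid, reason)
```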